I get the first feedback from Apache users that want their http: only hosts to also serve https:. This is nice feedback to improve usability of mod_md.
Ideally, what these people want - and that is purely my interpretation - is to add a few lines to their config and - voila - https: is available. And, honestly, why should they not expect that? Example: Duplication/Redirect They have something like: ---------------------------------- Listen 80 <VirtualHost *:80> ServerName xxx.yyy ... </VirtualHost> ---------------------------------- and want to also make that available on https: ---------------------------------- Listen http://*:80 Listen https://*:443 <VirtualHost *:80> ServerName xxx.yyy AlternatePorts 443 ... </VirtualHost> ---------------------------------- or redirect everyone to https: ---------------------------------- Listen http://*:80 Listen https://*:443 <VirtualHost *:443> ServerName xxx.yyy RedirectPermanentFrom 80 ... </VirtualHost> ---------------------------------- I am not hooked on the names, but I hope you understand the intent? Anyone with me on this? Cheers, Stefan > Am 10.08.2017 um 16:19 schrieb Stefan Eissing <stefan.eiss...@greenbytes.de>: > >> Am 10.08.2017 um 16:09 schrieb William A Rowe Jr <wr...@rowe-clan.net>: >> >> Let's break it down and consider the implications of Listen... >> >> On Thu, Aug 10, 2017 at 8:28 AM, Stefan Eissing >> <stefan.eiss...@greenbytes.de> wrote: >>> Now that mod_md has landed in trunk, I am looking at more ways >>> to simplify a SSL configuration. Looking at the Listen directive, >>> it has an optional 2nd protocol parameter. >>> >>> Would it be unreasonable to assume that a >>> Listen NNN https >>> >>> means that "SSLEngine on" should be the default in all >>> <VirtualHost *:NNN> >>> ServerName xxx.yyy >>> ... >>> </VirtualHost> >>> >>> sections? >> >> Firstly, we have well understood protocols definitions, so there >> are several shorthand flavors that could be introduced; >> >> Listen https >> >> has a very plain and obvious meaning. Thus, so would these; >> >> Listen https://192.168.1.1 >> Listen https://xxx.yyy >> Listen https://192.168.1.1:8443 >> Listen https://xxx.yyy:8443 > > I like this. Coming back to this. If we - optionally - would support this in the 'Listen' directive